Does Custom Background for Post and Page have any unpatched vulnerabilities?

No. All known vulnerabilities in Custom Background for Post and Page have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Custom Background for Post and Page compatible with WordPress 3.6.1?

According to WordPress.org data, Custom Background for Post and Page 1.0 has been tested up to WordPress 3.6.1. Check the plugin's changelog for the latest compatibility information.

How often is Custom Background for Post and Page updated?

Custom Background for Post and Page was last updated on Oct 19, 2013. Frequent updates are generally a positive security signal.

What is Custom Background for Post and Page's security score?

Custom Background for Post and Page has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Custom Background for Post and Page Security & Risk Analysis

wordpress.org/plugins/custom-background-for-post-and-page

This plugin allows you to design your WordPress website background globally or design each post or page individually.

40 active installs v1.0 PHP + WP 1.0+ Updated Oct 19, 2013

custom-background-deisgncustom-background-imagepost-page-background-imagepost-page-design

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Custom Background for Post and Page Safe to Use in 2026?

Generally Safe

Score 85/100

Custom Background for Post and Page has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 12yr ago

Risk Assessment

The plugin "custom-background-for-post-and-page" v1.0 exhibits a mixed security posture. On the positive side, the static analysis reveals no known CVEs, a complete absence of dangerous functions, and all SQL queries utilize prepared statements, indicating a good foundation for secure coding. The plugin also implements nonce and capability checks, which are essential for protecting against common WordPress exploits.

However, a significant concern arises from the output escaping. The analysis shows that 100% of the 19 outputs are not properly escaped, presenting a high risk of Cross-Site Scripting (XSS) vulnerabilities. While taint analysis did not reveal critical or high-severity issues, the presence of one flow with an unsanitized path warrants attention, as it could potentially be exploited if combined with other weaknesses. The lack of known vulnerabilities in its history is positive, but this could be due to limited exposure or previous fixes. The plugin's strengths lie in its SQL handling and the presence of basic security checks, but the widespread lack of output escaping is a critical weakness that needs immediate remediation.

Key Concerns

All outputs are unescaped (XSS risk)
Flow with unsanitized path found

Vulnerabilities

None known

Custom Background for Post and Page Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Custom Background for Post and Page Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

0% escaped19 total outputs

Data Flows

1 unsanitized

Data Flow Analysis

3 flows1 with unsanitized paths

custombg_start (custombg.php:41)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Custom Background for Post and Page Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 6

actionpost_edit_form_tagcustombg.php:33

actionwp_headcustombg.php:38

actionadmin_menucustombg.php:39

actionadd_meta_boxescustombg.php:102

actionsave_postcustombg.php:108

actionadmin_noticescustombg.php:301

Maintenance & Trust

Custom Background for Post and Page Maintenance & Trust

Maintenance Signals

WordPress version tested3.6.1

Last updatedOct 19, 2013

PHP min version

Downloads8K

Community Trust

Rating100/100

Number of ratings2

Active installs40

Alternatives

Custom Background for Post and Page Alternatives

No alternatives data available yet.

Developer Profile

Custom Background for Post and Page Developer Profile

sunil chaulagain

2 plugins · 50 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Custom Background for Post and Page

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/custom-background-for-post-and-page/jscolor.js

HTML / DOM Fingerprints

HTML Comments

Data Attributes

enctype="multipart/form-data"name="custombg"class="color {hash:true}"name="document_file"id="document_file"name="bgcolor"+4 more

JS Globals

CUSTOMBG_PLUGIN_URL

FAQ